Insider Threat Blog

Hello, this is Daniel Costa, Cyber Security Solutions Developer for the CERT Program, with the third of 19 blog posts that describe the best practices fully documented in the fourth edition of the Common Sense Guide to Mitigating Insider Threats.

The CERT Program announced the public release of the fourth edition of the Common Sense Guide to Mitigating Insider Threats on December 12, 2012. The guide describes 19 practices that organizations should implement across the enterprise to mitigate (prevent, detect, and respond to) insider threats, as well as case studies of organizations that failed to do so. The third of the 19 best practices follows.

Impactful mitigation of insider threats requires the cooperation and education of an organization's entire workforce. All employees need to understand that insider crimes do occur and can have severe consequences for both the organization and the employee. Periodic security training that includes insider threat awareness supports a stable culture of security in the organization.

Effective and lasting measures used to secure an organization against insider threats are ones that reflect the organization's mission, values, and critical assets. Employees must be taught that they are responsible for protecting the information the organization has granted them access to. Insider threat awareness training should emphasize that malicious insiders will most likely not fit a particular profile; rather, employees should be wary of behavioral indicators, such as making unusual requests of coworkers. No matter what assets an organization focuses on, it should still train its members to be vigilant against a broad range of malicious employee actions.

Organizations must educate employees about the confidentiality and integrity of the company's information, as well as the repercussions of compromising those attributes. Training programs should create a culture of security appropriate for the organization and include all personnel. Training employees to recognize the behaviors that indicate insider threat activity can lead to earlier, more frequent detection of insider threat incidents.

Check back in a few days to read about best practice 4, "Beginning with the hiring process, monitor and respond to suspicious or disruptive behavior," or subscribe to a feed of CERT Program blogs to be alerted when a new post is available.
